Implement HSTS preload

This allows browsers to query https directly instead of the initial http redirect

https://hstspreload.org/#opt-in says it should be explicitly opt in

src/nginxconfig.ejs

@@ -95,7 +95,13 @@ server {
     # dhparams is generated only after dns setup
     ssl_dhparam /home/yellowtent/platformdata/dhparams.pem;
 <% } -%>
+
+    <% if (hstsPreload) { -%>
+    # https://hstspreload.org/
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+    <% } else { -%>
     add_header Strict-Transport-Security "max-age=63072000";
+    <% } -%>
 
     <% if ( ocsp ) { -%>
     # OCSP. LE certs are generated with must-staple flag so clients can enforce OCSP